Details about a particular pipeline change over time - such as the
specific Linux distro or toolchain version. At the same time, the
pipeline files are directly referenced in Azure Pipelines to run the
pipeline and few users have access to change those details.
To make the files less likely to refer to outdated information over
time and reduce the need for an Azure Pipeline administrator to get
involved, the files are updated to drop specific details apart from
the host OS environment used in the pipeline.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Details about a particular pipeline change over time - such as the
specific Linux distro or toolchain version. At the same time, the
pipeline files are directly referenced in Azure Pipelines to run the
pipeline and few users have access to change those details.
To make the files less likely to refer to outdated information over
time and reduce the need for an Azure Pipeline administrator to get
involved, the files are updated to drop specific details apart from
the host OS environment used in the pipeline.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Details about a particular pipeline change over time - such as the
specific Linux distro or toolchain version. At the same time, the
pipeline files are directly referenced in Azure Pipelines to run the
pipeline and few users have access to change those details.
To make the files less likely to refer to outdated information over
time and reduce the need for an Azure Pipeline administrator to get
involved, the files are updated to drop specific details apart from
the host OS environment used in the pipeline.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Details about a particular pipeline change over time - such as the
specific Linux distro or toolchain version. At the same time, the
pipeline files are directly referenced in Azure Pipelines to run the
pipeline and few users have access to change those details.
To make the files less likely to refer to outdated information over
time and reduce the need for an Azure Pipeline administrator to get
involved, the files are updated to drop specific details apart from
the host OS environment used in the pipeline.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Commit aef50446ce
removed gEdkiiPeiMpServices2PpiGuid from UefiCpuPkg.dec
which causes build breaks if an INF [Ppis] section
lists gEdkiiPeiMpServices2PpiGuid. There is no method
for a DEC file for conditionally declare a PPI.
In order to support the migration from use of
gEdkiiPeiMpServices2PpiGuid to the preferred use of the
gPeiMpServices2Ppi, update MpServices2.h in MdePkg
to define EDKII_PEI_MP_SERVICES2_PPI_GUID and
EDKII_PEI_MP_SERVICES2_PPI.
All references to the EDK II PEI MP Services 2 PPI can be
removed after all downstream consumers have had a chance
to perform the migration.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Commit aef50446ce
removed gEdkiiPeiMpServices2PpiGuid from UefiCpuPkg.dec
which causes build breaks if an INF [Ppis] section
lists gEdkiiPeiMpServices2PpiGuid. There is no method
for a DEC file for conditionally declare a PPI.
In order to support the migration from use of
gEdkiiPeiMpServices2PpiGuid to the preferred use of the
gPeiMpServices2Ppi, add gEdkiiPeiMpServices2PpiGuid back
to the UefiCpuPkg.dec.
All references to the EDK II PEI MP Services 2 PPI can be
removed after all downstream consumers have had a chance
to perform the migration.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
The Full variant enables support for EC, which in turn is needed for TLS
1.3. It also increases the size, so turn this on for 4M builds only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reduce dsc file duplication and simplify updates by moving openssl + tls
configuration to an include file. No functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Fix an issue where input parameters in SCMI messages may be overwritten by
return values during repeated transactions when retrieving large data sets.
This issue affects:
1. ClockDescribeRates: when the number of clock rates exceeds the transfer
limit. According to the SCMI specification (Section 4.6.2.5), the first
and second parameters are initially used to pass clock_id and rate_index.
However, due to SCMI’s shared memory communication mechanism, these same
memory locations are later reused to return status and num_rate_flags.
2. PerformanceDescribeLevels: when the number of performance levels is too
large to return in a single response. As described in Section 4.5.3.5,
the first and second parameters are initially used for domain_id and
level_index, but are overwritten with status and num_levels in the return.
Because SCMI reuses the same shared memory buffer for both input and output,
the return values can override input parameters if the buffer is not properly
re-initialized before each request. This patch ensures that the first and
second parameters are correctly set before every transaction to preserve
input integrity and ensure correct protocol behavior.
Signed-off-by: jie.fu <jie.fu@cixtech.com>
MemoryTypeInformation HOB was built in FD and FIT image format UEFI payload.
But this HOB was not built in ELF image format UEFI payload. Adding this HOB
for ELF image format to keep payload consistent in different image format.
When this HOB is missing, DXE/SMM driver might be dispatched above 4GB and
MemoryType information HOB assists GCD with defragmenting the memory map.
Signed-off-by: Guo Dong <guo.dong@intel.com>
when SMM_SUPPORT is enabled, a build failure was seen since two SMM
libraries are missing. Just add them in the DSC file to fix it.
Signed-off-by: Guo Dong <guo.dong@intel.com>
With current implemenation, all 3 SmmCommunication* functions go through
the same routine, which will dereference the incoming pointer to inspect
whether this is a V3 buffer or not.
However, the caller always pass in the physical addresses, which could
cause the system to page fault after OS take over the runtime control.
This change reverted the common routine to its previous form to handle MM
communicate v1 and v2. Additionally, a specific communicate function for
v3 was created to support MM communicate v3.
Co-authored-by: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This patch updates several CodeQL errors for potential null pointer
access and unguarded header conclusion across production and test
code that have been flagged in the build/security tab in GitHub.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
- Updated Maintainers.txt to include Kun Qin as a maintainer for the ARM-
FFA sections in SecurityPkg.
- Added his contact information: email and GitHub username.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change introduces a `Tpm2InstanceLibFfa` library to support TPM over
FF-A and works with Tpm2DeviceLibRouter* libraries.
The implementation follows the TPM over FF-A spec v1.0 BET:
https://developer.arm.com/documentation/den0138/latest/
The change is tested on QEMU SBSA virtual platform and proprietary
hardware platforms.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
TPM over FF-A is a mechanism enabling the normal world to communicate
with TPM devices offered as a FF-A service in the secure world.
This update introduces a header file containing definitions from the TPM
over FF-A specification, as detailed in the following documentation:
https://developer.arm.com/documentation/den0138/latest/
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a new driver Tcg2AcpiFfa. It will publish the TPM2 and
the corresponding SSDT table that is responsible for supporting the
physical presence interface through ASL methods during OS runtime.
Co-authored-by: Raymond Diaz <raymonddiaz@microsoft.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a new library instance of SmmTcg2PhysicalPresenceLib. It
will directly check on the PCD value instead of relying on the HOB value,
which will require change on the TFA/SPMC side.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a new driver Tcg2StandaloneMmArm. It will register an
MMI handler that is responsible for supporting the physical presence
interface from ASL methods during OS runtime.
Platforms need to expose the PPI ACPI function GUID in the Standalone MM
secure partition.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a GUID for the physical presence interface. This is
defined in TCG Physical Presence Interface v1.30, Rev. 00.52: Section
8.1 ACPI Functions.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg. EDKII_PEI_MP_SERVICES2_PPI structure and PPI GUID
are provided as backward compatible references.
These references have been wrapped under a conditional to aid with
its eventual removal.
To enable, define ENABLE_DEPRECATED_EDKII_MP_SERVICES2.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
The related header and PPI GUID has been removed from UefiCpuPkg
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
EFI_PEI_MP_SERVICES2_PPI has been added to MdePkg.
This PPI earlier existed as EDKII_PEI_MP_SERVICES2_PPI in UefiCpuPkg.
EDKII_PEI_MP_SERVICES2_PPI structure and PPI GUID are provided as
references for backwards compatibility.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
This commit is to add two new APIs in EmbeddedPkg
PrePiHobLib:
1.The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2.The TagMemoryAllocationHobWithGuid () searchs the HOB
list for the Memory Allocation HOB with a matching base
address and set the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
This commit is to add two new APIs in ArmVirtDxeHobLib:
1.The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2.The TagMemoryAllocationHobWithGuid () searchs the HOB
list for the Memory Allocation HOB with a matching base
address and set the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
This commit is to add two new APIs in StandaloneMmPkg
StandaloneMmHobLib and StandaloneMmCoreHobLib:
1.The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2.The TagMemoryAllocationHobWithGuid () searchs the HOB
list for the Memory Allocation HOB with a matching base
address and set the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
This commit is to add two new APIs in UefiPayloadPkg
DxeHobLib and PayloadEntryHobLib:
1.The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2.The TagMemoryAllocationHobWithGuid () searchs the HOB
list for the Memory Allocation HOB with a matching base
address and set the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
This commit is to add two new APIs in MdeModulePkg
BaseHobLibNull:
1.The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2.The TagMemoryAllocationHobWithGuid () searchs the HOB
list for the Memory Allocation HOB with a matching base
address and set the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
This commit is to add two new APIs in MdePkg PeiHobLib,
DxeHobLib, DxeCoreHobLib and MockHobLib:
1.The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2.The TagMemoryAllocationHobWithGuid () searchs the HOB
list for the Memory Allocation HOB with a matching base
address and set the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
This commit is to add two new APIs in HobLib.h:
GetNextMemoryAllocationGuidHob ()
TagMemoryAllocationHobWithGuid ()
The UEFI_PI_SPEC defines the EFI_GUID Name in the
EFI_HOB_MEMORY_ALLOCATION_HEADER as:
A GUID that defines the memory allocation region’s type
and purpose, as well as other fields within the memory
allocation HOB.
Currently there is no API in HobLib to handle this Name
GUID in EFI_HOB_MEMORY_ALLOCATION_HEADER, and the code
logic is common. So the following 2 APIs are added to:
1.The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2.The TagMemoryAllocationHobWithGuid () searchs the HOB
list for the Memory Allocation HOB with a matching base
address and set the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Improve OpalDriverGetDriverDeviceName function that gets device name
through the component name protocol. Currently the function searches for
all handles (as controller handle) to find the right GetControllerName
service for the child handle. The update improves the way to get device
name and supports better performance (e.g. 1681(μs) -> 3(μs) for 1 NVMe
device). This can prevent a compatibility issue for GetControllerName
service of some drivers, which is not flexible for handle parameter
information (e.g. it was found that an EFI driver caused an exception
error/hang when GetControllerName service for the driver is called in
OpalDriverGetDeviceNameByProtocol function).
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
AmdSvsmLib currently doesn't check if SNP enabled, thus using AmdSvsmLib
may errantly cause the caller code to believe SVSM is present. This
leads to boot failure on non-SNP enabled VMs.
We use the PcdConfidentialComputingGuestAttr since it remains valid
after MpInitLib runs which invalidates PcdSevEsWorkArea's cached
sev-status msr which we use to check for SNP enabled in other places.
The added functions ConfidentialComputingGuestHas() and
AmdMemEncryptionAttrCheck() are copied from MpLib.c, which is intended
to be replaced later on with a more minimal library perhaps in MdePkg to
cleanup some of the circular dependencies currently surrounding SvsmLib.
Signed-off-by: Jacob Xu <jacobhxu@google.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
